J. Inf. Secur. Appl. | 2019

Detailed analysis and improvement of an efficient and secure identity-based public auditing for dynamic outsourced data with proxy

 
 
 

Abstract


For data owners with restricted cloud access who rely on a delegated proxy, public auditing technology for cloud data integrity plays a critical role in ensuring the powerful productivity that flexible cloud services provide for their business. To address the scalability of data owners and storage clouds for secure public auditing, Yu et al. (2017) proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019), which also overcomes the issue of complicated public key certificate management. In this article, we show that this scheme is vulnerable to a data loss attack in which clouds could pass integrity auditing without the original data. We also demonstrate a threat to system security: any entity is able to recover proxy private keys and impersonate the proxy to forge a proxy tag, given two arbitrary data-tag pairs of the same data owner. To enable secure identity-based batch public auditing with proxy processing, we propose an improved scheme without these security flaws and prove its security under the CDH hard problem in the random oracle model. In the complexity analysis, our scheme shows better efficiency than identity-based proxy-oriented data uploading and remote data integrity checking in public cloud (ID-PUIC) for a single owner on a single cloud. In particular, we give a detailed analysis, with an experiment, of how efficiently the attacks on Yu et al.'s scheme could be launched, and present a complete reduction, in probability and time, for proving the security of our improved scheme. For potential application in big data storage, we first evaluate how the error detection probability varies with the number of auditing blocks, and then conduct a detailed performance analysis by simulating our scheme and the ID-PUIC scheme for different numbers of data owners and storage clouds, with up to 106 data blocks.

Volume 47
Pages 39-49
DOI 10.1016/j.jisa.2019.04.002
Language English
Journal J. Inf. Secur. Appl.
